Back to KEVs

CVE-2017-6884

A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware V1.00(AAQT.4)b8. The vulnerability is located in...

Basic Information

CVE State
PUBLISHED
Reserved Date
March 14, 2017
Published Date
April 06, 2017
Last Updated
February 04, 2025
Vendor
Zyxel
Product
EMG2926 home router
Description
A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware V1.00(AAQT.4)b8. The vulnerability is located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute arbitrary commands on the router, such as the ping_ip parameter to the expert/maintenance/diagnostic/nslookup URI.
Tags
cisa edge

CVSS Scores

CVSS v3.1

8.8 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0

9.0

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

SSVC Information

Exploitation
active
Technical Impact
partial

Exploit Status

Exploited in the Wild
Yes (2023-09-18 00:00:00 UTC) Source

References

https://www.exploit-db.com/exploits/41782/

Known Exploited Vulnerability Information

Source Added Date
CISA 2023-09-18 00:00:00 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel